package nuc.soft.xsf.interceptors;

import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;



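/**
 * Authentication gate for the web application: a request is passed down the
 * filter chain only when its session carries a logged-in user under
 * {@link GlobalConstants#LOGIN_USER}; anything else is redirected to the login
 * page. The login/registration entry points and static assets (fonts, CSS,
 * JavaScript, images) are reachable without a session.
 * <p>
 * NOTE(review): the original description called this a cross-site request
 * forgery check. It is not — the filter never looks at an anti-forgery token,
 * nor at the Origin/Referer headers; it only verifies that a session is logged
 * in. CSRF protection has to be implemented separately.
 * <p>
 * Public-path matching is done on the container-normalised servlet path (plus
 * path info), not on {@code getRequestURL()}, and the final path segment must
 * match a public file name exactly. The earlier suffix match on the full URL
 * let any path that merely <em>ended</em> in one of the public names (for
 * example a ";"-delimited path parameter appended to a protected resource, or
 * a name such as {@code relogin.action}) bypass the login check.
 *
 * @author Yuan.Bin
 */
public class SessionIdValidateFilter implements Filter {

	/** Context-relative login page; unauthenticated requests are redirected here. */
	private static final String LOGIN_PAGE = "/pages/loginback.jsp";

	/**
	 * Final path segments that are reachable without a session. The whole last
	 * segment must match, so {@code /pages/login.jsp} is public while
	 * {@code /pages/xlogin.jsp} is not. The original list also contained the
	 * literal {@code "pages/*.jsp"}; '*' is not a wildcard in a string
	 * comparison, so that entry could never match a real path and has been
	 * dropped rather than widened into a real glob.
	 */
	private static final Set<String> PUBLIC_FILE_NAMES = Collections.unmodifiableSet(
			new HashSet<String>(Arrays.asList(
					"loginback.jsp", "reg.jsp", "login.jsp",
					"loginback.action", "loginbackValidate.action", "login.action")));

	/**
	 * File extensions (including the dot, case-sensitive as before) of static
	 * assets that need no session.
	 */
	private static final Set<String> PUBLIC_EXTENSIONS = Collections.unmodifiableSet(
			new HashSet<String>(Arrays.asList(
					".eot", ".svg", ".ttf", ".woff", ".woff2", ".otf",
					".css", ".js", ".gif", ".png", ".jpg")));

	/** No configuration is read; nothing to initialise. */
	@Override
	public void init(FilterConfig filterConfig) throws ServletException {
		// intentionally empty
	}

	/**
	 * Lets the request through when it targets a public resource or the session
	 * is logged in; otherwise sends a redirect to the login page under the
	 * current context path. The originally requested URL is not preserved.
	 *
	 * @param request  the incoming request; must be an {@link HttpServletRequest}
	 * @param response the outgoing response; must be an {@link HttpServletResponse}
	 * @param chain    the remainder of the filter chain
	 * @throws IOException      propagated from the chain or the redirect
	 * @throws ServletException propagated from the chain
	 */
	@Override
	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {
		HttpServletRequest httpRequest = (HttpServletRequest) request;
		HttpServletResponse httpResponse = (HttpServletResponse) response;

		// Public check first so that anonymous hits on static assets never
		// touch (or create) a session.
		if (isPublic(requestPath(httpRequest)) || isLoggedIn(httpRequest)) {
			chain.doFilter(request, response);
			return;
		}

		// Build the target from the actual context path instead of a hard-coded
		// "/IT_TalentEvaluation" so the redirect survives a different deployment name.
		httpResponse.sendRedirect(httpRequest.getContextPath() + LOGIN_PAGE);
	}

	/**
	 * Context-relative path of the request as resolved by the container:
	 * servlet path plus path info. Unlike {@code getRequestURL()} this carries
	 * no scheme/host, no query string and no ";"-delimited path parameters, so
	 * trailing junk cannot make a protected resource look public.
	 */
	private static String requestPath(HttpServletRequest request) {
		String servletPath = request.getServletPath();
		String pathInfo = request.getPathInfo();
		String path = (servletPath == null ? "" : servletPath)
				+ (pathInfo == null ? "" : pathInfo);
		return path.isEmpty() ? "/" : path;
	}

	/**
	 * True when the last path segment is one of the public file names, or ends
	 * in a public static-asset extension. A path without a final segment
	 * (e.g. "/" or a trailing slash) is never public.
	 *
	 * @param path context-relative path as returned by {@link #requestPath}
	 */
	static boolean isPublic(String path) {
		String lastSegment = path.substring(path.lastIndexOf('/') + 1);
		if (PUBLIC_FILE_NAMES.contains(lastSegment)) {
			return true;
		}
		int dot = lastSegment.lastIndexOf('.');
		return dot >= 0 && PUBLIC_EXTENSIONS.contains(lastSegment.substring(dot));
	}

	/**
	 * True when an existing session holds a non-null, non-empty
	 * {@link GlobalConstants#LOGIN_USER} attribute. Uses {@code getSession(false)}
	 * so that unauthenticated callers do not get a session minted for them.
	 */
	private static boolean isLoggedIn(HttpServletRequest request) {
		HttpSession session = request.getSession(false);
		if (session == null) {
			return false;
		}
		Object user = session.getAttribute(GlobalConstants.LOGIN_USER);
		return user != null && !"".equals(user);
	}

	/** Nothing was allocated in {@link #init}; nothing to release. */
	@Override
	public void destroy() {
		// intentionally empty
	}

}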
